Daily NCSC-FI news followup 2020-12-04

INVITATION TO THE MEDIA WEBINAR OF TRAFICOM'S NATIONAL CYBER SECURITY CENTRE: IS A HOME SMART DEVICE AN OPEN DOOR FOR A HACKER?

www.epressi.com/tiedotteet/teknologia/kutsu-traficomin-kyberturvallisuuskeskuksen-mediawebinaariin-onko-kodin-alylaite-avoin-ovi-hakkerille.html Internet-connected smart devices can be a channel for security attacks targeting homes. That is why product manufacturers and marketers must ensure the security level of their devices. How has the Cybersecurity Label (Tietoturvamerkki), launched a year ago by the Finnish Transport and Communications Agency Traficom, been received by companies? How does it help consumers find a secure smart device? Register for our media webinar no later than Tue 8 December at 12:00.

JAMK published an open online course that takes you into the middle of a cyberattack, part of a larger cyber exercise

www.jamk.fi/fi/Uutiset/jamk-julkaisi-avoimen-verkkokurssin-joka-vie-keskelle-kyberhyokkaysta–osa-suurempaa-kyberharjoitusta/ JAMK University of Applied Sciences (Jyväskylän ammattikorkeakoulu) has published a pilot of an open cybersecurity online course that is immediately available to everyone. The course is open until 17 December at 15:00. The course is linked to a Europe-wide cybersecurity exercise that JAMK will organise in January 2021.

Cyber-warning for festive shoppers

www.bbc.com/news/technology-55171454 Online shoppers are being warned of the risks of cyber-fraud during the festive season. The National Cyber Security Centre (NCSC) – part of GCHQ – is launching a major campaign called Cyber Aware with its first ever TV ads.

Novel Online Shopping Malware Hides in Social-Media Buttons

threatpost.com/online-shopping-malware-social-media-buttons/161903/ The skimmer steals credit-card data, using steganography to hide in plain sight in seemingly benign images. Read also:

sansec.io/research/svg-malware

Leaking Browser URL/Protocol Handlers

www.fortinet.com/blog/threat-research/leaking-browser-url-protocol-handlers Generally speaking when talking about Protocol Handlers we are referring to a mechanism which allows applications to register their own URI scheme. This enables the execution of processes through the use of URI formatted strings. In this post we will discuss what are protocol handlers and disclose two information disclosure vulnerabilities affecting three major browsers (namely – Firefox, Edge and Chrome). Exploiting these vulnerabilities will enable a remote attacker to identify the presence of a vast amount of applications that may be installed on a targeted system.

Metro Vancouver’s transit system hit by Egregor ransomware

www.bleepingcomputer.com/news/security/metro-vancouvers-transit-system-hit-by-egregor-ransomware/ The Egregor ransomware operation has breached Metro Vancouver’s transportation agency TransLink with the cyberattack causing disruptions in services and payment systems.

Alert Regarding Vulnerability (CVE-2020-17527) in Apache Tomcat

www.jpcert.or.jp/english/at/2020/at200045.html On December 3, 2020 (Local Time), Apache Software Foundation has released information regarding a vulnerability (CVE-2020-17527) in Apache Tomcat. According to the information, Apache Tomcat could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. It is possible that this could lead to the leakage between requests, while this would most likely lead to an error and the closure of the HTTP/2 connection.

IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain

securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/ At the onset of the COVID-19 pandemic, IBM Security X-Force created a threat intelligence task force dedicated to tracking down COVID-19 cyber threats against organizations that are keeping the vaccine supply chain moving. As part of these efforts, our team recently uncovered a global phishing campaign targeting organizations associated with a COVID-19 cold chain. The cold chain is a component of the vaccine supply chain that ensures the safe preservation of vaccines in temperature-controlled environments during their storage and transportation.

Cybersecurity Trends 2021: Staying secure in uncertain times

www.welivesecurity.com/2020/12/03/cybersecurity-trends-2021-staying-secure-uncertain-times/ ESET experts look back at some of the key themes that defined the cybersecurity landscape in the year that’s ending and give their takes on what to expect in 2021. Read also:

www.welivesecurity.com/wp-content/uploads/2020/11/ESET_Cybersecurity_Trends_2021.pdf

BlackShadow hackers extort Israeli insurance company for $1 million

www.bleepingcomputer.com/news/security/blackshadow-hackers-extort-israeli-insurance-company-for-1-million/ On Monday, a cybercrime group calling themselves ‘BlackShadow’ tweeted that they hacked into the Israeli Shirbit insurance company and stole files during the attack.

How Organizations Can Prevent Users from Using Breached Passwords

thehackernews.com/2020/12/how-organizations-can-prevent-users.html No matter how extensive your security solutions are, protecting the various systems in your environment, your organization may likely be an easy target without proper password security. An especially vulnerable type of password is a breached password, a.k.a “pwned” password. Read also:

www.ibm.com/security/digital-assets/cost-data-breach-report/#/

Strange +212 calls are coming to Finland: we picked up the phone and called back

www.is.fi/digitoday/tietoturva/art-2000007660321.html Scam calls are made to Finland constantly. A large share of them are tech support phone scams carried out in Microsoft's name, in which the caller claims that the victim's computer has malware and needs to be cleaned. The caller's aim is to get at the victim's money. Another type of scam is wangiri, or missed-call scams, which rely on a return call that turns out to be expensive.

The chronicles of Emotet

securelist.com/the-chronicles-of-emotet/99660/ More than six years have passed since the banking Trojan Emotet was first detected. During this time it has repeatedly mutated, changed direction, acquired partners, picked up modules, and generally been the cause of high-profile incidents and multimillion-dollar losses. The malware is still in fine fettle, and remains one of the most potent cybersecurity threats out there. The Trojan is distributed through spam, which it sends itself, and can spread over local networks and download other malware.

Tibet and Taiwan Targeted in Spearphishing Campaigns Using MESSAGEMANIFOLD Malware

www.recordedfuture.com/messagemanifold-malware-spearphishing-campaigns/ In October 2020, during an investigation of a spearphishing campaign targeting the Tibetan community, Recorded Future’s Insikt Group discovered links to an unknown threat activity group previously engaged in activity targeting Taiwanese legislators in May of 2020. Insikt Group identified multiple overlaps between the two campaigns, including the use of the same hosting provider, similar email themes, and the use of Google Drive links to download the same malware variant. In both campaigns, the group used an unreported malware variant which Insikt Group calls MESSAGEMANIFOLD.

How Cloudflare Became The Most Important Internet Company Nobody Has Heard Of

www.forbes.com/sites/johndunn/2020/12/04/how-cloudflare-became-the-most-important-internet-company-nobody-has-heard-of/ In a perfect world, big networks that hold up important parts of the Internet would never be brought down by single points of failure (SPOFs) but unfortunately there is no such thing as a perfect world.

Kmart nationwide retailer suffers a ransomware attack

www.bleepingcomputer.com/news/security/kmart-nationwide-retailer-suffers-a-ransomware-attack/ US department store Kmart has suffered a ransomware attack that impacts back-end services at the company, BleepingComputer has learned.

FBI: You may be a money mule and not even know it

www.bleepingcomputer.com/news/security/fbi-you-may-be-a-money-mule-and-not-even-know-it/ The FBI has warned of an increasing number of scammers preying on unemployed Americans by trying to recruit them into their money mule schemes and use them to launder funds obtained via fraud, online scams, and other types of criminal activities.
